Overview

overview

10

Static

static

7

cf95fc0470...bb.apk

android-9-x86

10

cf95fc0470...bb.apk

android-10-x64

10

cf95fc0470...bb.apk

android-11-x64

10

appboy-htm...ent.js

windows7-x64

1

appboy-htm...ent.js

windows10-2004-x64

1

aps-mraid.js

windows7-x64

1

aps-mraid.js

windows10-2004-x64

1

dtb-m.js

windows7-x64

1

dtb-m.js

windows10-2004-x64

1

happygame.js

windows7-x64

1

happygame.js

windows10-2004-x64

1

libByteAIDT.so

ubuntu-18.04-amd64

libByteAIDT.so

debian-9-armhf

libByteAIDT.so

debian-9-mips

libByteAIDT.so

debian-9-mipsel

libByteAINN.so

ubuntu-18.04-amd64

libByteAINN.so

debian-9-armhf

libByteAINN.so

debian-9-mips

libByteAINN.so

debian-9-mipsel

libbuffer.so

ubuntu-18.04-amd64

libbuffer.so

debian-9-armhf

libbuffer.so

debian-9-mips

libbuffer.so

debian-9-mipsel

libnative-filters.so

ubuntu-18.04-amd64

libnative-filters.so

debian-9-armhf

libnative-filters.so

debian-9-mips

libnative-filters.so

debian-9-mipsel

libnpth_dl.so

ubuntu-18.04-amd64

libnpth_dl.so

debian-9-armhf

libnpth_dl.so

debian-9-mips

libnpth_dl.so

debian-9-mipsel

libttmverify.so

ubuntu-18.04-amd64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    cf95fc04703d711dcdc8916535dc0a058966fcfa4ac758dc36699ae469bd90bb.bin

  • Size

    3.1MB

  • Sample

    231106-1xfnpaff6z

  • MD5

    67aa789ed858a78f6ca1f7cb6f6411d7

  • SHA1

    f67e857fdbada5c1dd929dfb552dc39eb82acd07

  • SHA256

    cf95fc04703d711dcdc8916535dc0a058966fcfa4ac758dc36699ae469bd90bb

  • SHA512

    54844aa9ebc73fdfe5b1bad25604da23d6edab24225c53a2e6bee1f9122594bc24baf82d2c285e3745c8f79e0abd7d24bb79748c19cfecb881a3ff67974bf6e9

  • SSDEEP

    98304:WBeghwapHRr2Kf9utMb+sph0qtJpoBMI5l+bKXWM4R1:WBeRaLZFutMbJe4Ytl+2N4R1

Score
10/10
hydraandroidbankerinfostealerlinuxtrojan

Malware Config

Extracted

Family

hydra

C2

http://aykomediki.net

Targets

    • Target

      cf95fc04703d711dcdc8916535dc0a058966fcfa4ac758dc36699ae469bd90bb.bin

    • Size

      3.1MB

    • MD5

      67aa789ed858a78f6ca1f7cb6f6411d7

    • SHA1

      f67e857fdbada5c1dd929dfb552dc39eb82acd07

    • SHA256

      cf95fc04703d711dcdc8916535dc0a058966fcfa4ac758dc36699ae469bd90bb

    • SHA512

      54844aa9ebc73fdfe5b1bad25604da23d6edab24225c53a2e6bee1f9122594bc24baf82d2c285e3745c8f79e0abd7d24bb79748c19cfecb881a3ff67974bf6e9

    • SSDEEP

      98304:WBeghwapHRr2Kf9utMb+sph0qtJpoBMI5l+bKXWM4R1:WBeRaLZFutMbJe4Ytl+2N4R1

    Score
    10/10
    hydrabankerinfostealertrojan

    • Hydra

      Android banker and info stealer.

      bankertrojaninfostealerhydra

    • Hydra payload

    • Makes use of the framework's Accessibility service.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Requests enabling of the accessibility settings.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Reads information about phone network operator.

    behavioral1behavioral2behavioral3

    • Target

      appboy-html-in-app-message-javascript-component.js

    • Size

      4KB

    • MD5

      2cacca17d8bee29690b3fed9a8053e27

    • SHA1

      95a316d262434f6146367ebf0c8891dee2845c18

    • SHA256

      5e33430b3d5bff988c5c3a80dc5ce0d7942c8d35df1a19e53f97571ca4e69f4d

    • SHA512

      3a959856cd95c7e2b89c1c1ac741fc372a7ae8f886dcc2c3acc917c432a72835e82964c3c3d13a2fd6e3d304ba78e367526a13a067e0f36292520fa14b904e5e

    • SSDEEP

      96:ClCF13kkhTmmDbm7o5q8rnC3pjG6qWo307IL/QW:uq13kkfPm7o5qJxZiOIL/QW

    Score
    1/10
    behavioral4behavioral5

    • Target

      aps-mraid.js

    • Size

      10KB

    • MD5

      7eb2e0ad4328a0c303ba8a0a77fbbcee

    • SHA1

      fba9f141cd195378cbb266228b2c3abe6f1a2319

    • SHA256

      5786e5ec3a9425ea2297eccf7b5629491a7c58bdd5877f5a0edadac073ed532d

    • SHA512

      7cbebf9395e4ee3624c3ab84948d98a9b6592946221409681e3ade83f1f2831d0213ba20052f98e71230b9ef7e072e6b0b816534b777bfb512053100bbd0098c

    • SSDEEP

      192:RiCYiIp5RsHMSP2io9SyKMnbCXnBtdyvgVHGlzjTSWiwvi/:RJ6VsHVP2io2MnUjyvgVkzP3i3

    Score
    1/10
    behavioral6behavioral7

    • Target

      dtb-m.js

    • Size

      33KB

    • MD5

      2958b7dce738e82e3f9edac9408f0218

    • SHA1

      1a736dd5a5f87ebab2ba3bbc557a12487eef2df6

    • SHA256

      d6e2d6da7fa58b8d53828b1dac654d57d656fe47fa9898c0aae84cbcf3b8fc61

    • SHA512

      3c7612232f1f8ec8a51745fa3593bae9e8351849bee1de34ff341c33583c7e39a6313ea28260797a97c4c64cad781931f80965ea0fd1c05b772a1d6b00332d8c

    • SSDEEP

      768:cM85TLOVEVU3SGgmAms+SBED+tSklU+EF:c1JO6VU3ZymWBUP

    Score
    1/10
    behavioral8behavioral9

    • Target

      happygame.js

    • Size

      1KB

    • MD5

      9bcbb11978a95acf2958fd9769d5e2e1

    • SHA1

      bd62a9a7c79935214658feac5f7e1e78205f53e6

    • SHA256

      1fd06dc741b7ed57d54702c39d9a42cdccc7bfadfd5b7c23dc1cfbfa66424d90

    • SHA512

      80d6e70c026867e9a9690163524adab4d913a5d74472f191dd509ec4cc99a11e86e9823ea06b6e59e6851e06f09304a589f5ae7ab63a2c24525199316390f10b

    Score
    1/10
    behavioral10behavioral11

    • Target

      libByteAIDT.so

    • Size

      21KB

    • MD5

      34a713e1d5ff4fa8083359bc48c6005d

    • SHA1

      7a8b5ec6fec434c8a01a5a3530f265d99087f753

    • SHA256

      de37a3fb640d1f63d17735c8362ffc920a150d119c2e4b69b77d4f15f6a7a591

    • SHA512

      f44de14ea7b01f215f397bb05eb5bd71d6a19e74abc5d2d968a0a3651bca13514be9bab8e4f0bbc357ae5cbdd96f14f8f236cba88af78bf44dd6fc3bfe42ad63

    • SSDEEP

      384:SmQh19DlsT4BO8Sw4XVahRJq69twblo6cTuk2IA5N8i:PT4SwJhzZ9tu7cTuwA5NH

    Score
    1/10
    behavioral12behavioral13behavioral14behavioral15

    • Target

      libByteAINN.so

    • Size

      37KB

    • MD5

      c64c2643f4176af985bb58de71695b57

    • SHA1

      d4fe1d9772730f8c5bd2c85cb4906dfed6c2eee4

    • SHA256

      16da9ebf032e374cee62a0ed9ec43d0c3ee9b427b02303c7625a0c9a82bf0d29

    • SHA512

      50db591de37c961ab09ac1e683962428c727c895c3f84d7d85e083962ee501fec2a3f126381825271da8898c8ed0a041991f86f2100a3712469bca0ad3aa4c1f

    • SSDEEP

      768:xn0UY7jTxflotqS3nrfdevh4GS9cj8Hc8x+zpghG91I:l0UU/xflujnzdev2S8+zpghG91I

    Score
    1/10
    behavioral16behavioral17behavioral18behavioral19

    • Target

      libbuffer.so

    • Size

      9KB

    • MD5

      bd76635e93a3372bed08e27ea3c06414

    • SHA1

      55fef8dde468e05dfbafed097a1fa6d52dca354c

    • SHA256

      fe8f6e8e1550fc5384d9aa1418aaa4403380ac960c63d2bfca304b232545ed58

    • SHA512

      1080fbf41fa2694e5b5494f0722b33bd6c95043ff89dd0ce80eb44c659199376d4bb1207ac1973a116449ec22ec61fa0a748850743139930135d6313c0a3aee6

    • SSDEEP

      96:G39wMeXpaewWHZxKk6zszetcxg1AbsxRLgOVeqVedi+y8x9sj6lSrghsnUb/:s9neXJK2auO4qV0i+y8ximpCI

    Score
    1/10
    behavioral20behavioral21behavioral22behavioral23

    • Target

      libnative-filters.so

    • Size

      25KB

    • MD5

      b33de95a10b3b4d10bbad2a7b86c6d2e

    • SHA1

      f4d306ef13fb527c8a9b46ac4431caabf2467aed

    • SHA256

      3692f76af546c8adc605be96e3fb0d7d53f58f56ea2692fc5d779cc0d89730f5

    • SHA512

      2110b5479d6cfd11b429276bc86d57370b620c96716465643e693191e47d9d3f27aa29e831de849133d48bd39a8a293019deb2e8b222ca0acf2564e4ec467490

    • SSDEEP

      384:QX5UNodSgkMxCwEqP5EHSXTJ9bkYCVbqh7Q2MtUtC1yFRu0:QXXSgCwEqBEHaTJ9bkYCVk7NtCUu0

    Score
    1/10
    behavioral24behavioral25behavioral26behavioral27

    • Target

      libnpth_dl.so

    • Size

      25KB

    • MD5

      2eb075398ec339a8fe223422607a1486

    • SHA1

      0c9d36b7ce43d8b1b64aae2818b01ff93c750f35

    • SHA256

      dc202072c4c63026cc8db2ca9eafef5653d3200f10b042d966af895e6d55784f

    • SHA512

      fb2530c5e6a7bd87e8d568b9dcfca223aecb442f3428047fce0f9f51812189e7967cbcba38f64ca6883f5903c546aa6e33598c881dae522ec40398e740be5f3d

    • SSDEEP

      384:ggvtKrXk7/qkl77v5CCtmQhJUnyCyzlHamfwxe60Q9vygS86:gWtKrijl77v53mQhJU8l7fwxe60QFytl

    Score
    1/10
    behavioral28behavioral29behavioral30behavioral31

    • Target

      libttmverify.so

    • Size

      9KB

    • MD5

      4d52f325d5cb1bd3b4205515a8bdc486

    • SHA1

      3050f92106d6bfdb5d3220cf996c982e52a79380

    • SHA256

      c880e6b5c2f914c59d008fe7e67488a5a776d3648d75e7ac085df5bf95687dcf

    • SHA512

      41b00f56bbc16f0a8db12c10012446f63f1d7336fdbe4d3c0c68fb3bec8b8ff209aada89d1b7c86fba4258718d517609b0f71c36e9dcf71bc1eb6f209eaad216

    • SSDEEP

      96:R2wcLQZkRaHMuP8n1lisuO9gqIqSH6MZDJhQBRgTo4Lj:jcLQHMuP8n+OOBwaVhjb

    Score
    1/10
    behavioral32

MITRE ATT&CK Matrix

Tasks

static1

Score
7/10

behavioral1

hydrabankerinfostealertrojan
Score
10/10

behavioral2

hydrabankerinfostealertrojan
Score
10/10

behavioral3

hydrabankerinfostealertrojan
Score
10/10

behavioral4

Score
1/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
1/10